# zitadel/zitadel

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/zitadel-zitadel).**

13,029 stars · 944 forks · Go · agpl-3.0

## Links

- GitHub: https://github.com/zitadel/zitadel
- Homepage: https://zitadel.com
- awesome-repositories: https://awesome-repositories.com/repository/zitadel-zitadel.md

## Topics

`2fa` `authentication` `authorization` `fido2` `identity` `login` `mfa` `multitenancy` `oauth2` `oidc` `openid-connect` `passkeys` `saml` `scim` `sso` `user`

## Description

This project is a cloud-native identity and access management platform designed to centralize authentication, authorization, and identity lifecycle management. It functions as a standards-compliant OpenID Connect authorization server, providing secure session management and token issuance for web, mobile, and device-based applications. The platform is built to handle complex identity requirements through stateless token authentication and support for modern passwordless methods, including biometrics and hardware keys.

What distinguishes this platform is its native support for multi-tenant environments, allowing organizations to manage isolated identity configurations, custom branding, and federated login policies within a single instance. It features a programmable authentication engine that enables developers to inject custom business logic into login and token generation flows using event-driven scripts. This extensibility is complemented by robust B2B capabilities, such as domain-based user routing and project-level access delegation, which facilitate secure collaboration across different business entities.

The platform covers a broad capability surface, including comprehensive audit trails, external log streaming, and administrative resource management APIs. It supports diverse integration strategies, ranging from social logins and external identity brokering to directory service synchronization. The system is designed for high availability and scalability, utilizing event-sourced state persistence and container-orchestrated deployment patterns to ensure reliable operation in production environments.

The software is distributed as container images, with support for automated deployment and zero-downtime updates through a phase-separated lifecycle management approach.

## Tags

### Security & Cryptography

- [Identity and Access Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management.md) — Centralizes user authentication, authorization, and identity lifecycle management across multiple applications and services.
- [Identity and Access Management Servers](https://awesome-repositories.com/f/security-cryptography/identity-and-access-management-servers.md) — Handles user authentication, authorization, and identity federation across multiple applications and organizations.
- [Passwordless Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/standard-web-authentication-schemes/passwordless-authentication.md) — Enables secure sign-in using device biometrics or hardware keys to replace traditional password-based authentication. ([source](https://zitadel.com/docs/concepts/features/passkeys))
- [OpenID Connect Providers](https://awesome-repositories.com/f/security-cryptography/openid-connect-providers.md) — Issues identity tokens and manages secure login flows for web, mobile, and device-based applications using OIDC standards.
- [Session Authentication](https://awesome-repositories.com/f/security-cryptography/session-authentication.md) — Manages secure user session authentication for both interactive web applications and device-limited environments. ([source](https://zitadel.com/docs/apis/introduction))
- [Multi-Tenant Identity Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/identity-role-management/multi-tenant-identity-management.md) — Manages isolated identity environments for different organizations, including custom branding, federated login, and delegated access control policies.
- [Identity Providers](https://awesome-repositories.com/f/security-cryptography/identity-providers.md) — Enables centralized authentication by managing external identity provider integrations at the instance or organization level. ([source](https://zitadel.com/docs/guides/integrate/identity-providers/introduction))
- [Single Sign-On](https://awesome-repositories.com/f/security-cryptography/single-sign-on.md) — Initiates secure single sign-on login flows by redirecting users to standard authentication endpoints. ([source](https://zitadel.com/docs/apis/saml/endpoints))
- [Access Token Management](https://awesome-repositories.com/f/security-cryptography/access-token-management.md) — Provides token exchange, swapping one token for another, to support delegation and impersonation workflows. ([source](https://zitadel.com/docs/guides/integrate/token-exchange))
- [Programmable Engines](https://awesome-repositories.com/f/security-cryptography/authentication-flows/programmable-engines.md) — Allows developers to inject custom logic and external data into login flows using event-driven scripts.
- [Authentication Redirection](https://awesome-repositories.com/f/security-cryptography/authentication-redirection.md) — Redirects users to a centralized login page for authentication and SSO before returning them to the application. ([source](https://zitadel.com/docs/guides/integrate/login/hosted-login))
- [Programmable Workflows](https://awesome-repositories.com/f/security-cryptography/authentication-workflows/programmable-workflows.md) — Extends standard login and token generation processes with programmable logic to meet specific business requirements.
- [Domain-Based Access Controls](https://awesome-repositories.com/f/security-cryptography/domain-based-access-controls.md) — Directs users to specific organization login policies based on the domain suffix of their email address. ([source](https://zitadel.com/docs/guides/solution-scenarios/domain-discovery))
- [Authentication Templates](https://awesome-repositories.com/f/security-cryptography/identity-providers/authentication-templates.md) — Defines authentication behavior including scopes, automatic account creation, and profile synchronization for external services. ([source](https://zitadel.com/docs/guides/integrate/identity-providers/introduction))
- [Identity Resource Management](https://awesome-repositories.com/f/security-cryptography/identity-resource-management.md) — Exposes modern resource-based APIs for managing users, organizations, and identity providers. ([source](https://zitadel.com/docs/apis/introduction))
- [JWT Authentication](https://awesome-repositories.com/f/security-cryptography/jwt-authentication.md) — Authenticates service accounts with tokens signed by private keys, enabling stateless and granular access control. ([source](https://zitadel.com/docs/guides/integrate/service-accounts/authenticate-service-accounts))
- [Client Credentials](https://awesome-repositories.com/f/security-cryptography/client-credentials.md) — Verifies service accounts using client identifiers and secrets for non-signing authentication scenarios. ([source](https://zitadel.com/docs/guides/integrate/service-accounts/authenticate-service-accounts))
- [Device Authentication Flows](https://awesome-repositories.com/f/security-cryptography/device-authentication-flows.md) — Implements device-based authorization flows for hardware with limited input capabilities. ([source](https://zitadel.com/docs/guides/integrate/login/oidc/device-authorization))
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/data-resource-permissions/role-based-access-control.md) — Enables sharing of project resources with external organizations while maintaining strict role-based access control. ([source](https://zitadel.com/docs/guides/manage/console/projects-overview))
- [Session and Credential Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/session-and-credential-handling/session-credential-management.md) — Verifies user credentials to generate and manage session identifiers and tokens. ([source](https://zitadel.com/docs/guides/integrate/login-ui/username-password))
- [OAuth and Identity Providers](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/oauth-identity-providers.md) — Enables users to sign in with existing accounts from popular services to simplify the login experience. ([source](https://zitadel.com/docs/guides/integrate/identity-providers/introduction))
- [Personal Access Tokens](https://awesome-repositories.com/f/security-cryptography/personal-access-tokens.md) — Authenticates service account requests using personal access tokens sent in request headers. ([source](https://zitadel.com/docs/guides/integrate/service-accounts/authenticate-service-accounts))
- [Service Account Management](https://awesome-repositories.com/f/security-cryptography/service-account-management.md) — Rotates credentials and enforces least-privilege access for service accounts to prevent unauthorized access. ([source](https://zitadel.com/docs/guides/integrate/service-accounts/authenticate-service-accounts))
- [Session Termination Services](https://awesome-repositories.com/f/security-cryptography/session-termination-services.md) — Invalidates active user sessions through authenticated requests or direct token revocation. ([source](https://zitadel.com/docs/guides/integrate/login-ui/username-password))
- [User Profile Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/identity-management/user-management/user-profile-management.md) — Creates user accounts with profile data, email verification, and custom metadata fields. ([source](https://zitadel.com/docs/guides/integrate/login-ui/username-password))
- [Scalable Architectures](https://awesome-repositories.com/f/security-cryptography/identity-aware-infrastructure/scalable-architectures.md) — Deploys and maintains highly available, production-ready identity services that support global traffic and automated system updates.
- [Identity-Based Access Brokers](https://awesome-repositories.com/f/security-cryptography/identity-based-access-brokers.md) — Links external user accounts to local identities to provide unified access across multiple third-party authentication services. ([source](https://zitadel.com/docs/concepts/features/identity-brokering))
- [Identity Provider Connections](https://awesome-repositories.com/f/security-cryptography/identity-provider-connections.md) — Connects external authentication services using pre-built templates or generic protocols like OIDC, SAML, and LDAP. ([source](https://zitadel.com/docs/concepts/features/identity-brokering))
- [Session Management](https://awesome-repositories.com/f/security-cryptography/session-management.md) — Provides visibility into active user sessions to support custom account management interfaces. ([source](https://zitadel.com/docs/guides/integrate/login-ui/username-password))
- [User Access Management](https://awesome-repositories.com/f/security-cryptography/user-access-management.md) — Facilitates centralized access control by fetching user role information across organizations via administrative APIs. ([source](https://zitadel.com/docs/guides/integrate/retrieve-user-roles))
- [Authentication Flows](https://awesome-repositories.com/f/security-cryptography/authentication-flows.md) — Links custom scripts to specific system triggers to control how business logic executes during authentication or token generation. ([source](https://zitadel.com/docs/apis/actions/introduction))
- [Authentication Claims](https://awesome-repositories.com/f/security-cryptography/custom-attribution-tracking/authentication-claims.md) — Supports adding specific data claims to authentication responses to enable application-specific authorization logic. ([source](https://zitadel.com/docs/apis/saml/endpoints))
- [Customizable Login Interfaces](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/customizable-login-interfaces.md) — Supports self-hosted, branded login interfaces using modern web tools. ([source](https://zitadel.com/docs/guides/integrate/login/hosted-login))
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Provides API access to query and list roles and permissions assigned to authenticated users. ([source](https://zitadel.com/docs/guides/integrate/retrieve-user-roles))

### Artificial Intelligence & ML

- [Stateless Session Authentication](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/session-state/stateless-session-authentication.md) — Verifies user sessions using cryptographically signed tokens to enable distributed authorization without requiring constant database lookups.
- [LDAP Authentication](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/identity-providers/ldap-authentication.md) — Integrates directory services to authenticate users by mapping directory attributes to local profiles. ([source](https://zitadel.com/docs/guides/integrate/identity-providers/ldap))

### System Administration & Monitoring

- [Multi-Tenancy Platforms](https://awesome-repositories.com/f/system-administration-monitoring/multi-tenancy-platforms.md) — Configures separate organizations with unique branding and federated login settings for B2B support. ([source](https://zitadel.com/docs/guides/solution-scenarios/b2b))
- [System Audit Trails](https://awesome-repositories.com/f/system-administration-monitoring/system-audit-trails.md) — Provides access to historical system changes and events to support incident investigation and security auditing. ([source](https://zitadel.com/docs/concepts/features/audit-trail))
- [Log Streaming](https://awesome-repositories.com/f/system-administration-monitoring/log-streaming.md) — Streams audit logs and event data to external monitoring systems to support centralized security analysis and compliance reporting. ([source](https://zitadel.com/docs/concepts/features/audit-trail))

### DevOps & Infrastructure

- [Cloud Native Infrastructure](https://awesome-repositories.com/f/devops-infrastructure/cloud-native-infrastructure.md) — Provides a container-ready platform designed for high availability, horizontal scaling, and automated deployment.
- [High Availability Infrastructure](https://awesome-repositories.com/f/devops-infrastructure/high-availability-infrastructure.md) — Ensures continuous service availability by distributing identity services across multiple regions with robust storage. ([source](https://zitadel.com/docs/concepts/architecture/solution))
- [Identity Deployment Orchestrators](https://awesome-repositories.com/f/devops-infrastructure/identity-deployment-orchestrators.md) — Packages identity services into portable container images for consistent deployment and scaling.
- [Production Cluster Deployers](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/infrastructure-as-code/management/infrastructure-orchestration/production-cluster-deployers.md) — Automates the provisioning and configuration of production-ready clusters including secrets and database connections. ([source](https://zitadel.com/docs/self-hosting/deploy/kubernetes))
- [Zero-Downtime Deployments](https://awesome-repositories.com/f/devops-infrastructure/zero-downtime-deployments.md) — Performs zero-downtime upgrades by routing traffic only after new instances confirm readiness. ([source](https://zitadel.com/docs/concepts/architecture/solution))
- [Production Environment Configurations](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/configuration-policy-enforcement/production-environment-configurations.md) — Provides production-tuned configurations for custom domains, TLS, and secure database connectivity. ([source](https://zitadel.com/docs/self-hosting/deploy/compose))
- [Infrastructure Scaling](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-scaling.md) — Supports high availability and automatic scaling by running stateless application instances in parallel. ([source](https://zitadel.com/docs/self-hosting/manage/updating_scaling))
- [Deployment Lifecycle Managers](https://awesome-repositories.com/f/devops-infrastructure/deployment-lifecycle-managers.md) — Separates initialization, setup, and runtime operations into distinct phases for improved deployment control. ([source](https://zitadel.com/docs/self-hosting/manage/updating_scaling))

### Software Engineering & Architecture

- [Multi-tenant Isolation Policies](https://awesome-repositories.com/f/software-engineering-architecture/multi-tenant-isolation-policies.md) — Enforces data and security policy boundaries between organizations within a single multi-tenant instance.
- [Event Sourcing](https://awesome-repositories.com/f/software-engineering-architecture/event-sourcing.md) — Persists system state as an immutable sequence of events to ensure reliable audit trails and recovery.
- [Event Hooks](https://awesome-repositories.com/f/software-engineering-architecture/core-business-logic/event-hooks.md) — Triggers external HTTP endpoints in response to specific API requests or system events to extend authentication flows. ([source](https://zitadel.com/docs/concepts/features/actions_v2))
- [API Design Standards](https://awesome-repositories.com/f/software-engineering-architecture/api-design-standards.md) — Exposes system entities through standardized endpoints to provide a predictable and scalable interface for administrative and management tasks.
- [Application Lifecycle Management](https://awesome-repositories.com/f/software-engineering-architecture/application-lifecycle-management.md) — Decouples database migrations from application execution to support zero-downtime updates.
- [Migration Runners](https://awesome-repositories.com/f/software-engineering-architecture/application-versioning-systems/migration-runners.md) — Executes setup tasks and database migrations to ensure safe and fast application version updates. ([source](https://zitadel.com/docs/self-hosting/manage/updating_scaling))
- [Project Context Managers](https://awesome-repositories.com/f/software-engineering-architecture/project-context-managers.md) — Groups applications, roles, and security policies into unified project contexts for consistent management. ([source](https://zitadel.com/docs/guides/manage/console/projects-overview))

### Development Tools & Productivity

- [Script Execution Engines](https://awesome-repositories.com/f/development-tools-productivity/script-execution-engines.md) — Executes custom JavaScript logic at authentication lifecycle hooks to inject business rules.
- [Project Configuration](https://awesome-repositories.com/f/development-tools-productivity/project-scaffolding-config-code-generation/project-scaffolding-configuration/project-configuration.md) — Enforces consistent branding and security policies across project-level configurations. ([source](https://zitadel.com/docs/guides/manage/console/projects-overview))

### Business & Productivity Software

- [B2B Customer Management](https://awesome-repositories.com/f/business-productivity-software/b2b-customer-management.md) — Manages B2B organizations and administrators through a web-based console for user and SSO configuration. ([source](https://zitadel.com/docs/guides/integrate/onboarding/b2b))

### Networking & Communication

- [Traffic Routing Controllers](https://awesome-repositories.com/f/networking-communication/traffic-routing-controllers.md) — Manages external traffic routing to the platform using ingress controllers and gateway APIs. ([source](https://zitadel.com/docs/self-hosting/deploy/kubernetes))
